From 3f1ff327addd171f6ed33d5245c34fe7c31ec471 Mon Sep 17 00:00:00 2001
From: Christophe Matthieu <chm@openerp.com>
Date: Thu, 14 Nov 2013 16:22:12 +0100
Subject: [PATCH] [FIX] website: access right for demo user

bzr revid: chm@openerp.com-20131114152212-jcmyzbf6zcpkp999
---
 addons/website_event/security/ir.model.access.csv     |  2 +-
 addons/website_event/security/website_event.xml       |  4 ----
 addons/website_hr_recruitment/models/__init__.py      |  1 +
 addons/website_hr_recruitment/models/hr_department.py | 11 +++++++++++
 .../security/ir.model.access.csv                      |  3 +--
 .../security/website_hr_recruitment_security.xml      | 11 ++++++++++-
 addons/website_sale/controllers/main.py               |  5 +++++
 addons/website_sale/security/ir.model.access.csv      |  8 ++++----
 addons/website_sale/security/website_sale.xml         |  5 -----
 9 files changed, 33 insertions(+), 17 deletions(-)
 create mode 100644 addons/website_hr_recruitment/models/hr_department.py

diff --git a/addons/website_event/security/ir.model.access.csv b/addons/website_event/security/ir.model.access.csv
index 8f1c49cf98a..9778b0993e7 100644
--- a/addons/website_event/security/ir.model.access.csv
+++ b/addons/website_event/security/ir.model.access.csv
@@ -1,6 +1,6 @@
 id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
 access_event_event_public,event.event.public,event.model_event_event,base.group_public,1,0,0,0
 access_event_type_public,event.type.public,event.model_event_type,base.group_public,1,0,0,0
-access_event_event_ticket_public,event.event.ticket.public,event_sale.model_event_event_ticket,base.group_public,1,0,0,0
+access_event_event_ticket_public,event.event.ticket.public,event_sale.model_event_event_ticket,,1,0,0,0
 access_event_product_product_public,event.product.product.public,product.model_product_product,base.group_public,1,0,0,0
 access_event_product_template_public,event.product.template.public,product.model_product_template,base.group_public,1,0,0,0
diff --git a/addons/website_event/security/website_event.xml b/addons/website_event/security/website_event.xml
index 42e16c5ed68..8514cf28457 100644
--- a/addons/website_event/security/website_event.xml
+++ b/addons/website_event/security/website_event.xml
@@ -5,7 +5,6 @@
         <field name="name">event: Public</field>
         <field name="model_id" ref="event.model_event_event"/>
         <field name="domain_force">[('website_published', '=', True)]</field>
-        <field name="groups" eval="[(4, ref('base.group_public'))]"/>
         <field name="perm_read" eval="True"/>
         <field name="perm_write" eval="False"/>
         <field name="perm_create" eval="False"/>
@@ -15,7 +14,6 @@
         <field name="name">event ticket: Public</field>
         <field name="model_id" ref="event_sale.model_event_event_ticket"/>
         <field name="domain_force">[('event_id.website_published', '=', True)]</field>
-        <field name="groups" eval="[(4, ref('base.group_public'))]"/>
         <field name="perm_read" eval="True"/>
         <field name="perm_write" eval="False"/>
         <field name="perm_create" eval="False"/>
@@ -25,7 +23,6 @@
         <field name="name">Product linked to event: Public</field>
         <field name="model_id" ref="product.model_product_product"/>
         <field name="domain_force">[('event_ticket_ids.event_id.website_published', '=', True)]</field>
-        <field name="groups" eval="[(4, ref('base.group_public'))]"/>
         <field name="perm_read" eval="True"/>
         <field name="perm_write" eval="False"/>
         <field name="perm_create" eval="False"/>
@@ -35,7 +32,6 @@
         <field name="name">Product template linked to event: Public</field>
         <field name="model_id" ref="product.model_product_template"/>
         <field name="domain_force">[('product_variant_ids.event_ticket_ids.event_id.website_published', '=', True)]</field>
-        <field name="groups" eval="[(4, ref('base.group_public'))]"/>
         <field name="perm_read" eval="True"/>
         <field name="perm_write" eval="False"/>
         <field name="perm_create" eval="False"/>
diff --git a/addons/website_hr_recruitment/models/__init__.py b/addons/website_hr_recruitment/models/__init__.py
index 755183a1d3c..cab7e314c0a 100644
--- a/addons/website_hr_recruitment/models/__init__.py
+++ b/addons/website_hr_recruitment/models/__init__.py
@@ -1 +1,2 @@
 import hr_job
+import hr_department
diff --git a/addons/website_hr_recruitment/models/hr_department.py b/addons/website_hr_recruitment/models/hr_department.py
new file mode 100644
index 00000000000..3bb7c8c45db
--- /dev/null
+++ b/addons/website_hr_recruitment/models/hr_department.py
@@ -0,0 +1,11 @@
+# -*- coding: utf-8 -*-
+
+from openerp.osv import osv, fields
+
+
+class hr_department(osv.osv):
+    _inherit = "hr.department"
+    _columns = {
+        # add field for access right
+        'department_ids': fields.one2many('hr.job', 'department_id', 'Department'),
+    }
\ No newline at end of file
diff --git a/addons/website_hr_recruitment/security/ir.model.access.csv b/addons/website_hr_recruitment/security/ir.model.access.csv
index 99250dc248f..08e4d088ac8 100644
--- a/addons/website_hr_recruitment/security/ir.model.access.csv
+++ b/addons/website_hr_recruitment/security/ir.model.access.csv
@@ -1,4 +1,3 @@
 id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
-access_hr_job_public,hr.job.public,hr.model_hr_job,base.group_public,1,0,0,0
+access_hr_job_public,hr.job.public,hr.model_hr_job,,1,0,0,0
 access_hr_department_public,hr.department.public,hr.model_hr_department,base.group_public,1,0,0,0
-access_hr_applicant_public,hr.applicant.public,hr_recruitment.model_hr_applicant,base.group_public,1,0,0,0
diff --git a/addons/website_hr_recruitment/security/website_hr_recruitment_security.xml b/addons/website_hr_recruitment/security/website_hr_recruitment_security.xml
index 42b2b987578..58effd8272f 100644
--- a/addons/website_hr_recruitment/security/website_hr_recruitment_security.xml
+++ b/addons/website_hr_recruitment/security/website_hr_recruitment_security.xml
@@ -5,7 +5,15 @@
         <field name="name">Job Positions: Public</field>
         <field name="model_id" ref="hr.model_hr_job"/>
         <field name="domain_force">[('website_published', '=', True)]</field>
-        <field name="groups" eval="[(4, ref('base.group_public'))]"/>
+        <field name="perm_read" eval="True"/>
+        <field name="perm_write" eval="False"/>
+        <field name="perm_create" eval="False"/>
+        <field name="perm_unlink" eval="False"/>
+    </record>
+    <record id="hr_department_public" model="ir.rule">
+        <field name="name">Job department: Public</field>
+        <field name="model_id" ref="hr.model_hr_department"/>
+        <field name="domain_force">[('department_ids.website_published', '=', True)]</field>
         <field name="perm_read" eval="True"/>
         <field name="perm_write" eval="False"/>
         <field name="perm_create" eval="False"/>
@@ -13,3 +21,4 @@
     </record>
 </data>
 </openerp>
+
diff --git a/addons/website_sale/controllers/main.py b/addons/website_sale/controllers/main.py
index fddbd4dbee4..175be51da47 100644
--- a/addons/website_sale/controllers/main.py
+++ b/addons/website_sale/controllers/main.py
@@ -324,6 +324,11 @@ class Ecommerce(http.Controller):
 
         domain = [("sale_ok", "=", True)]
 
+        try:
+            product_obj.check_access_rights(request.cr, request.uid, 'write')
+        except:
+            domain += [('website_published', '=', True)]
+
         # remove product_product_consultant from ecommerce editable mode, this product never be publish
         ref = request.registry.get('ir.model.data').get_object_reference(request.cr, SUPERUSER_ID, 'product', 'product_product_consultant')
         domain += [("id", "!=", ref[1])]
diff --git a/addons/website_sale/security/ir.model.access.csv b/addons/website_sale/security/ir.model.access.csv
index c5ee3cf0e9e..39ec59589e6 100644
--- a/addons/website_sale/security/ir.model.access.csv
+++ b/addons/website_sale/security/ir.model.access.csv
@@ -8,7 +8,7 @@ access_product_pricelist_public,product.pricelist.public,product.model_product_p
 access_product_product_price_type_public,product.price.type.public,product.model_product_price_type,base.group_public,1,0,0,0
 access_sale_order_public,sale.order.public,model_sale_order,base.group_public,1,0,0,0
 access_sale_order_line_public,sale.order.line.public,model_sale_order_line,base.group_public,1,0,0,0
-access_product_attribute,product.attribute.public,website_sale.model_product_attribute,base.group_public,1,0,0,0
-access_product_attribute_value,product.attribute.value.public,website_sale.model_product_attribute_value,base.group_public,1,0,0,0
-access_product_attribute_product,product.attribute.product.public,website_sale.model_product_attribute_product,base.group_public,1,0,0,0
-access_website_product_style,website.product.style.public,website_sale.model_website_product_style,base.group_public,1,0,0,0
\ No newline at end of file
+access_product_attribute,product.attribute.public,website_sale.model_product_attribute,,1,0,0,0
+access_product_attribute_value,product.attribute.value.public,website_sale.model_product_attribute_value,,1,0,0,0
+access_product_attribute_product,product.attribute.product.public,website_sale.model_product_attribute_product,,1,0,0,0
+access_website_product_style,website.product.style.public,website_sale.model_website_product_style,,1,0,0,0
\ No newline at end of file
diff --git a/addons/website_sale/security/website_sale.xml b/addons/website_sale/security/website_sale.xml
index d08a15f2cc5..c6c2c637f8f 100644
--- a/addons/website_sale/security/website_sale.xml
+++ b/addons/website_sale/security/website_sale.xml
@@ -5,7 +5,6 @@
         <field name="name">Public product template</field>
         <field name="model_id" ref="product.model_product_template"/>
         <field name="domain_force">[('website_published', '=', True), ("sale_ok", "=", True)]</field>
-        <field name="groups" eval="[(4, ref('base.group_public'))]"/>
         <field name="perm_read" eval="True"/>
         <field name="perm_write" eval="False"/>
         <field name="perm_create" eval="False"/>
@@ -15,7 +14,6 @@
         <field name="name">Public product</field>
         <field name="model_id" ref="product.model_product_product"/>
         <field name="domain_force">[('website_published', '=', True), ("sale_ok", "=", True)]</field>
-        <field name="groups" eval="[(4, ref('base.group_public'))]"/>
         <field name="perm_read" eval="True"/>
         <field name="perm_write" eval="False"/>
         <field name="perm_create" eval="False"/>
@@ -26,7 +24,6 @@
         <field name="name">Public Personal Orders</field>
         <field ref="model_sale_order" name="model_id"/>
         <field name="domain_force">[('state','=','draft'), ('website_session_id','!=',False), ('website_session_id','=',session.get('website_session_id'))]</field>
-        <field name="groups" eval="[(4, ref('base.group_public'))]"/>
         <field name="perm_read" eval="True"/>
         <field name="perm_write" eval="False"/>
         <field name="perm_create" eval="False"/>
@@ -36,7 +33,6 @@
         <field name="name">Public Personal Order lines</field>
         <field ref="model_sale_order_line" name="model_id"/>
         <field name="domain_force">[('state','=','draft'), ('order_id.website_session_id','!=',False), ('order_id.website_session_id','=',session.get('website_session_id'))]</field>
-        <field name="groups" eval="[(4, ref('base.group_public'))]"/>
         <field name="perm_read" eval="True"/>
         <field name="perm_write" eval="False"/>
         <field name="perm_create" eval="False"/>
@@ -47,7 +43,6 @@
         <field name="name">Public product pricelist</field>
         <field name="model_id" ref="product.model_product_pricelist"/>
         <field name="domain_force">[('id','=',session.get('ecommerce_pricelist'))]</field>
-        <field name="groups" eval="[(4, ref('base.group_public'))]"/>
         <field name="perm_read" eval="True"/>
         <field name="perm_write" eval="False"/>
         <field name="perm_create" eval="False"/>